package com.security.service;


import org.apache.shiro.util.AntPathMatcher;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.Set;

/**
 * todo
 *
 * @author wangjie
 * @version V1.0
 * @date 2019/12/11
 */
@Component("rbacService")
public class RbacServiceImpl implements RbacService {

    private AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Override
    public boolean haspermission(HttpServletRequest request, Authentication authentication) {

        Object object = authentication.getPrincipal();
        //todo:默认应该是false
        boolean flg = true;

        if(object instanceof UserDetails){

            String username = ((UserDetails) object).getUsername();

            Set<String> urls = new HashSet<>();


            for (String url : urls){
                if(antPathMatcher.match(url,request.getRequestURL().toString())){
                    flg = true;
                    break;
                }
            }
        }

        return flg;
    }
}
